ADC

Load balancing SYSLOG servers

The NetScaler appliance sends its SYSLOG events and messages to all the configured external log servers. This results in storing redundant messages and makes monitoring difficult for system administrators. To address this issue, the NetScaler appliance offers load balancing algorithms that can load balance the SYSLOG messages among the external log servers for better maintenance and performance. The supported load balancing algorithms include RoundRobin, LeastBandwidth, CustomLoad, LeastConnection, LeastPackets, and AuditlogHash.

Load balancing of SYSLOG servers using the command line interface

At the command prompt, type:

  1. Add a service and specify the service type as SYSLOGTCP or SYSLOGUDP.

    add service <name>(<IP> | <serverName>) <serviceType (SYSLOGTCP | SYSLOGUDP)> <port>

  2. Add a load balancing virtual server, specify the service type as SYSLOGTCP or SYSLOGUDP, and load balancing method as AUDITLOGHASH.

    add lb vserver <name> <serviceType (SYSLOGTCP | SYSLOGUDP)> [-lbMethod <AUDITLOGHASH>]

  3. Bind the service to the load balancing virtual server.

    Bind lb vserver <name> <serviceName>

  4. Add a SYSLOG action and specify the load balancing server name that has SYSLOGTCP or SYSLOGUDP as service type.

    add syslogaction <name> <serverIP> [-lbVserverName <string>] [-logLevel <logLevel>]

  5. Add a SYSLOG policy by specifying the rule and action.

    add syslogpolicy <name> <rule> <action>

  6. Bind the SYSLOG policy to the system global for the policy to take effect.

    bind system global <policyName>

Load balancing of SYSLOG servers using the GUI

  1. Add a service and specify the service type as SYSLOGTCP or SYSLOGUDP.

    Navigate to Traffic Management > Services, click Add and select SYLOGTCP or SYSLOGUDP as protocol.

  2. Add a load balancing virtual server, specify the service type as SYSLOGTCP or SYSLOGTCP, and load balancing method as AUDITLOGHASH.

    Navigate to Traffic Management > Virtual Servers, click Add and select SYLOGTCP or SYSLOGUDP as protocol.

  3. Bind the service to the load balancing virtual server.

    1. Navigate to Traffic Management > Load Balancing > Virtual Servers, select the load balancing virtual server, and click Edit.
    2. In the Services and Service Groups section, click Load Balancing Virtual Server Service Binding and click Add Binding.
    3. On the Service Binding page, click Select Service, select the service with service type as SYSLOGTCP or SYSLOGUDP, and click Select.
    4. On the Service Binding page, click Bind.
    5. Click Close and then Done to navigate back to the Virtual Servers page.
  4. Add a SYSLOG action and specify the load balancing server name that has SYSLOGTCP or SYSLOGUDP as service type.

    Navigate to System > Auditing, click Servers and add a server by selecting LB Vserver option in Servers.

  5. Add a SYSLOG policy by specifying the rule and action.

    Navigate to System > Syslog, click Policies and add a SYSLOG policy.

  6. Bind the SYSLOG policy to the system global for the policy to take effect.

    Navigate to System > Syslog, select a SYSLOG policy and click Action, and then click Global Bindings and bind the policy to system global.

Example:

The following configuration specifies load balance of SYSLOG messages among the external log servers using the AUDITLOGHASH as load balancing method. AUDITLOGHASH method load balances the traffic based on input hash value from the audit agents. The agents are the modules which generate auditlog in a NetScaler appliance. For example, if an agent LSN wants to load balance auditlogs based on client IP address, LSN module generates the hash value based on clientIP and passes the hash value to auditlog module. The auditlog module sends the auditlog messages which have same hash value to the external syslog server.

The NetScaler appliance generates SYSLOG events and messages that are load balanced amongst the services, service1, service2, and service 3.

add service service1 192.0.2.10 SYSLOGUDP 514
add service service2 192.0.2.11 SYSLOGUDP 514
add service service3 192.0.2.11 SYSLOGUDP 514
add lb vserver lbvserver1 SYSLOGUDP -lbMethod AUDITLOGHASH
bind lb vserver lbvserver1 service1
bind lb vserver lbvserver1 service2
bind lb vserver lbvserver1 service3
add syslogaction sysaction1 -lbVserverName lbvserver1 -logLevel All
add syslogpolicy syspol1 ns_true sysaction1
bind system global syspol1
<!--NeedCopy-->

Use the following command to configure SYSLOG using LB server with FQDN when ICMP packet is blocked: set service service1 -healthMonitor NO

Limitations:

  • The NetScaler appliance does not support an external load balancing virtual server load balancing the SYSLOG messages among the log servers.
Load balancing SYSLOG servers

In this article